In some environments, it is useful to be able to log on to selected computers using authentication that doesn’t require a password. For example, if you use a smart card to authenticate your identity, authentication relies on a public and private key exchange using encrypted certificates instead of a password or personal identification number.
If you want to log on to Centrify-managed computers—where the computer is joined to an Active Directory domain using adclient or
- Verify the computers you want to access remotely meet a few basic system requirements, such as having OpenSSH version 7.4 or later.
- Download the SSH master key file (ca.pub), which is a public file that must be installed on each target system you want to access.
- Modify the sshd_config file on each target system.
  The location of this file can vary. If you are using a native version of OpenSSH, the path is typically /etc/ssh/sshd_config. If you are using the Centrify-compiled version of OpenSSH, the default path is /etc/centrifydc/ssh/sshd_config.
- Update the system settings in the Privileged Access Service to identify the computers you have configured to use the SSH master key and existing accounts. See Updating system settings for more information.
This feature is only supported for Centrify web-based SSH client sessions. It is not supported if accessing a target system using native SSH clients.
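The steps above can be verified on a target system with a short pre-flight script. This is an added example, not Centrify code: the function names are hypothetical, the sample files are constructed, and it assumes the sshd_config change is a `TrustedUserCAKeys` line (the stock OpenSSH option for trusting a CA public key), which this page does not name.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of one target system (not Centrify code).

# Succeeds if an `ssh -V` banner such as "OpenSSH_7.4p1, ..." is 7.4 or later.
openssh_at_least_7_4() {
    local ver major minor
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2                 # not an OpenSSH banner
    major=${ver% *} minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 4 ]; }
}

# Prints the file named by the first active TrustedUserCAKeys line.
# Assumption: the page does not name the directive; TrustedUserCAKeys is the
# stock OpenSSH option for a CA public key. Match blocks are not evaluated.
trusted_ca_path() {
    awk 'tolower($1) == "trustedusercakeys" { print $2; exit }' "$1"
}

# Runs all checks, prints one PASS/FAIL line, returns 0 on PASS and 1 on FAIL.
check_target() {
    local banner="$1" config="$2" ca
    openssh_at_least_7_4 "$banner" ||
        { echo "FAIL: OpenSSH 7.4 or later not found"; return 1; }
    ca=$(trusted_ca_path "$config")
    [ -n "$ca" ] ||
        { echo "FAIL: no TrustedUserCAKeys line in $config"; return 1; }
    [ -r "$ca" ] || { echo "FAIL: $ca is missing or unreadable"; return 1; }
    # ca.pub is public, but whoever can rewrite it decides who may log on.
    [ -z "$(find "$ca" \( -perm -020 -o -perm -002 \))" ] ||
        { echo "FAIL: $ca is group- or world-writable"; return 1; }
    echo "PASS: $config trusts $ca"
}

# Constructed demo: a throwaway directory stands in for a target's /etc/ssh.
demo=$(mktemp -d)
echo "ssh-ed25519 AAAA-constructed-placeholder ca" > "$demo/ca.pub"
chmod 644 "$demo/ca.pub"
printf '%s\n' '#TrustedUserCAKeys /unused' \
    "TrustedUserCAKeys $demo/ca.pub" > "$demo/sshd_config"
check_target "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" "$demo/sshd_config"
```

On a real target, pass the output of `ssh -V 2>&1` and the sshd_config path that applies to your OpenSSH build (/etc/ssh/sshd_config or /etc/centrifydc/ssh/sshd_config).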